Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/08/2024, 08:00
Static task: static1
Behavioral task: behavioral1
  Sample: c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html
Size: 7KB
MD5: c2967dacc1b49c5738edfe378d43a7b6
SHA1: d38674832cfb3ecdc6d8da20e3d653df5053637e
SHA256: 8ce47bd487491867e829ede51ee44414d19c2817bb161a1adc74d9dd9640f1ac
SHA512: 678abc647aaa62f1316e1527ea9684222fc409ec40044acb7157e46b1aa87e775f2920b53a2ad2258947a00f35def76cf21fdc4f8d47fe55783224c2f4d950b2
SSDEEP: 96:uzVs+ux7mHLLY1k9o84d12ef7CSTUzq7CY4WcEZ7ru7f:csz7mHAYS/ZCY4Wb76f
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process              count
  1584   msedge.exe           2
  64     msedge.exe           2
  440    identity_helper.exe  2
  3224   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid    process     count
  64     msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process     count
  64     msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process     count
  64     msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   process     procid_target  count
  PID 64 wrote to memory of 1596   64    msedge.exe  84             2
  PID 64 wrote to memory of 1780   64    msedge.exe  85             40
  PID 64 wrote to memory of 1584   64    msedge.exe  86             2
  PID 64 wrote to memory of 1608   64    msedge.exe  87             20
Processes

PID 64  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 1596  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcad46f8,0x7ff8bcad4708,0x7ff8bcad4718

  PID 1780  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

  PID 1584  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 1608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

  PID 3224  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  PID 3548  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  PID 3888  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

  PID 2868  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

  PID 440  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 1888  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

  PID 3508  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  PID 4780  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

  PID 2508  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

  PID 3224  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 4140  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4432  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
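The report renderer flattens the process list and the WriteProcessMemory signature: each process entry is printed as the command line, a depth digit, the ⤵ marker and the PID, so "/prefetch:2" at depth 2 comes out as "/prefetch:22⤵", and the 64 WriteProcessMemory IoCs are one run-on string. The Python script below is an added example, not part of the tria.ge report: it parses a constructed, shortened copy of those entries (command lines cut down to the flags the script reads; the IoC string reproduces the report's per-target counts of 2, 40, 2 and 20), rebuilds the parent-child tree from the depth digits, counts the parent's writes into each child and flags Chromium helpers that run with --service-sandbox-type=none or --disable-gpu-sandbox.

```python
"""Rebuild a flattened tria.ge process tree and attribute WriteProcessMemory IoCs
to the child each write targets."""
import re
from collections import Counter

# Constructed input: the Edge process lines from the report above, shortened to
# the flags that matter. The flattened form is <cmdline><depth>⤵PID:<pid>, so a
# trailing "/prefetch:2" at depth 2 is rendered "/prefetch:22⤵".
PROCESS_LINES = [
    r'msedge.exe"msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html1⤵PID:64',
    r'msedge.exe"msedge.exe" --type=crashpad-handler /prefetch:72⤵PID:1596',
    r'msedge.exe"msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2164 /prefetch:22⤵PID:1780',
    r'msedge.exe"msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:32⤵PID:1584',
    r'msedge.exe"msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:82⤵PID:1608',
    r'msedge.exe"msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:12⤵PID:3224',
    r'identity_helper.exe"identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:82⤵PID:440',
    r'msedge.exe"msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:22⤵PID:3224',
    r'C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4140',
]

# Constructed reproduction of the signature's 64 entries, with the report's counts.
WPM_IOCS = (
    "PID 64 wrote to memory of 1596 64 msedge.exe 84 " * 2
    + "PID 64 wrote to memory of 1780 64 msedge.exe 85 " * 40
    + "PID 64 wrote to memory of 1584 64 msedge.exe 86 " * 2
    + "PID 64 wrote to memory of 1608 64 msedge.exe 87 " * 20
)

# Greedy cmd group followed by exactly one digit: the depth is always the single
# digit glued to the marker, whatever digits the command line itself ends with.
LINE_RE = re.compile(r"^(?P<cmd>.*)(?P<depth>\d)⤵PID:(?P<pid>\d+)$")
IMAGE_RE = re.compile(r'([^\\"]+\.exe)')
FLAG_RE = {
    "type": re.compile(r"--type=(\S+)"),
    "subtype": re.compile(r"--utility-sub-type=(\S+)"),
    "sandbox": re.compile(r"--service-sandbox-type=(\S+)"),
}
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_process_line(line):
    """Split one flattened entry into pid, depth, image name and the Chromium flags."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised process line: {line[:60]!r}")
    cmd = m.group("cmd")
    # The image path is printed twice (bare, then quoted); take the first basename.
    info = {
        "pid": int(m.group("pid")),
        "depth": int(m.group("depth")),
        "image": IMAGE_RE.search(cmd).group(1),
    }
    for key, rx in FLAG_RE.items():
        found = rx.search(cmd)
        info[key] = found.group(1) if found else None
    # Helpers that opt out of their sandbox deserve a second look in any report.
    info["sandbox_disabled"] = info["sandbox"] == "none" or "--disable-gpu-sandbox" in cmd
    return info


def build_tree(lines):
    """Attach each process to the nearest preceding entry one level shallower."""
    procs, stack = [], []
    for line in lines:
        p = parse_process_line(line)
        while stack and stack[-1]["depth"] >= p["depth"]:
            stack.pop()
        p["parent"] = stack[-1]["pid"] if stack else None
        stack.append(p)
        procs.append(p)
    return procs


def count_writes(ioc_text):
    """Map (writer pid, target pid) to the number of WriteProcessMemory IoCs."""
    return Counter((int(a), int(b)) for a, b in WPM_RE.findall(ioc_text))


def summarise(lines, ioc_text):
    """One row per child process: role, sandbox state and writes received from its parent."""
    writes = count_writes(ioc_text)
    rows = []
    for p in build_tree(lines):
        if p["parent"] is None:
            continue
        rows.append({
            "pid": p["pid"],
            "parent": p["parent"],
            "image": p["image"],
            "role": p["subtype"] or p["type"] or "(main)",
            "sandbox_disabled": p["sandbox_disabled"],
            "writes_from_parent": writes.get((p["parent"], p["pid"]), 0),
        })
    return rows


if __name__ == "__main__":
    for r in summarise(PROCESS_LINES, WPM_IOCS):
        flag = "  sandbox-off" if r["sandbox_disabled"] else ""
        print(f'{r["parent"]:>5} -> {r["pid"]:<5} {r["image"]:<20} {r["role"]:<40} writes={r["writes_from_parent"]:<3}{flag}')
```

Run on this report, every write goes from the browser process (PID 64) into children it has just spawned, which is what the Chromium sandbox broker does while setting up a target process; the signature only becomes interesting when the writer is not the target's parent or the target sits outside the browser's own tree. The network service and identity_helper rows carry sandbox-off because they are launched with --service-sandbox-type=none, and the second PID 3224 entry because of --disable-gpu-sandbox; all three are present in the command lines above.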
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: 9e3fc58a8fb86c93d19e1500b873ef6f
  SHA1: c6aae5f4e26f5570db5e14bba8d5061867a33b56
  SHA256: 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
  SHA512: e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Filesize: 152B
  MD5: 27304926d60324abe74d7a4b571c35ea
  SHA1: 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
  SHA256: 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
  SHA512: f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Filesize: 477B
  MD5: 789a5cbf556f4edad8bf4357f05ad6b4
  SHA1: 62b8cb53c62b307dd2f06279842ef3c2ff78c985
  SHA256: 37d3e1225aff1eec3ba4cdd79fcc113ad0268e90cd4a91d6347c9f97488700ad
  SHA512: 908658baf2fb5ce0c8a88f48f46e762143f262f4760c8f08bfc210627bfe730942df3d28e1c0a596f4c55be6ec63db629d8b3f596773c5cd5d3b48d0fe036b3c

Filesize: 5KB
  MD5: 157446f0833f41af0a1b6c5f2472de77
  SHA1: 30af7de4dfaf22d3f2febf0b3b6901bb29a79e41
  SHA256: 74eabba3ab8207d01108de1f91e5cd83fc1b75f2b7a123e4ebf36aa0d9b5e180
  SHA512: 8e36f943306655e42955b34fe2a1b47fc8afaa228148bfb44309e1ead6e616e4a60b173e672f090d0c6cc073fb7c7dc194fdd78bb8c013a9c6b2814ff89ecd44

Filesize: 6KB
  MD5: cf30a21868cdf8513f5fe4c56ecf98a3
  SHA1: 1c3162454b77210d612e65084abe199a273f6ba8
  SHA256: e4316bf6e40c578c5db402f0eb368a7b54892ca6f96808dfaf0982bc458a1826
  SHA512: 47d5f87524ab867e7ee5a25da35776e0c08c679a16b312cf36be97d0403df7086869c3ac1dd584dae3ec0d5583fbef19ae3e502ee1d73162069851d94ffe1517

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
  MD5: 11677970cc63d39684ac0b68f899a104
  SHA1: 7d09e6ea3fbd7be38403e0008e595e44e310383f
  SHA256: f31cb3bf3b7b40209eb0df7b59f92062d6a18936139f7fbc386e0b1d114074c1
  SHA512: 18721328312b3c9d677a95c22a2b069b8b5b84496c44e6fbd0d50ad5ad15a14385caedfa9454032b18f29056af720a3681b1617df8157f7a7f2d6bfed2161699